gittuf
« Back to VersTracker
Description:
Security layer for Git repositories
Type: Formula  |  Latest Version: 0.12.0@0  |  Tracked Since: Dec 25, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: security git supply-chain attestation devops compliance
Install: brew install gittuf
About:
gittuf is a security layer for Git that implements the RSL (Reference State Log) to create a tamper-resistant audit trail for repository operations. It enables cryptographic verification of Git history, branches, and tags, protecting against unauthorized changes and supply chain attacks. The tool integrates with existing Git workflows while adding robust attestation and policy enforcement capabilities.
Key Features:
  • Reference State Log (RSL) for immutable audit trail
  • Cryptographic verification of Git operations and history
  • Policy framework for access control and signing requirements
  • Backward compatible with standard Git repositories
  • Attestation support for provenance and metadata
Use Cases:
  • Securing software supply chains by verifying commit authenticity
  • Compliance auditing for regulated environments requiring Git traceability
  • Protecting critical branches (main, release) from unauthorized modifications
  • Establishing trust in collaborative open-source development workflows
Alternatives:
  • git-sshsign – Basic SSH signature verification without comprehensive audit trail
  • Sigstore – Focuses on artifact signing rather than Git workflow security
  • GPG signing – Manual signature verification without automated policy enforcement
Version History
Detected Version Rev Change Commit
Dec 25, 2025 6:01pm 0.12.0 0 VERSION_BUMP 86238aca
Sep 12, 2025 9:20am 0 VERSION_BUMP e19da1a9
Sep 11, 2025 5:18pm 0 VERSION_BUMP 23124ad3
Dec 16, 2024 4:59pm 0 VERSION_BUMP bc8706c1
Dec 11, 2024 5:10pm 0 VERSION_BUMP cf18e3e5
Oct 2, 2024 12:44am 0 VERSION_BUMP bacc8f68